This forum is now a read-only archive. All commenting, posting, registration services have been turned off. Those needing community support and/or wanting to ask questions should refer to the Tag/Forum map, and to http://spring.io/questions for a curated list of stackoverflow tags that Pivotal engineers, and the community, monitor.

WebDAV home folders authorization

Dec 19th, 2005, 04:08 PM

Hello dear forum members.

I'm wondering what is the best way to secure access to WebDAV server to provide functionality similar to user "home" folders, that is, user "a" should have full access rights to /a/*, user b to /b/* , etc. I'd like to use digest authentication filter on top webdav server (either slide or jackrabbit) and have separate authentication realm for each user. Current implementation of Digest Entry Point allows only static configuration of realm; Should I subclass DigestEntryPoint to achieve my goal?

Also, my question to Ben - as I've seen in forum history, you were going to create separate project for spring and webdav integration, so I can assume you solved similar kind of problem. Maybe a bit offtopic, what do you think, does jackrabbit has enough quality to be used in a production system as a webdav repository and server or it's better to use slide? The main problem I see with slide is lack of significant development activity since 2004 year and bad documentation.

Comment

I have not been monitoring how Slide or Jackrabbit are progressing as projects.

My needs with WebDAV were quite simple, so in the end I used Tomcat's WebDAV Servlet and then popped a Filter in front of it. The filter used Acegi Security's SecurityContextHolder to determine who the user is. It then checked the path the user was requesting from the WebDAV servlet, and sent back a redirect to their home directory if they were trying to access someone else's directory. It was simple, but worked fine. And I didn't need to implement a complex WebDAV server for this particular application's content management needs.